| Darren Tucker | 5573171 | 2014-07-21 02:24:59 +1000 | [diff] [blame] | 1 | /* $Id: openssl-compat.h,v 1.29 2014/07/20 16:24:59 dtucker Exp $ */ |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 2 | |
| 3 | /* |
| 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
| 5 | * |
| 6 | * Permission to use, copy, modify, and distribute this software for any |
| 7 | * purpose with or without fee is hereby granted, provided that the above |
| 8 | * copyright notice and this permission notice appear in all copies. |
| 9 | * |
| 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
| 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 14 | * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER |
| 15 | * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING |
| 16 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 17 | */ |
| 18 | |
| 19 | #include "includes.h" |
| Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 20 | #include <openssl/opensslv.h> |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 21 | #include <openssl/evp.h> |
| Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 22 | #include <openssl/rsa.h> |
| 23 | #include <openssl/dsa.h> |
| 24 | |
| Darren Tucker | 316fac6 | 2014-06-17 23:06:07 +1000 | [diff] [blame] | 25 | int ssh_compatible_openssl(long, long); |
| 26 | |
| Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 27 | #if (OPENSSL_VERSION_NUMBER <= 0x0090805fL) |
| 28 | #error OpenSSL 0.9.8f or greater is required |
| Darren Tucker | cb52017 | 2007-06-14 23:21:32 +1000 | [diff] [blame] | 29 | #endif |
| 30 | |
| Damien Miller | da5cc5d | 2013-01-20 22:31:29 +1100 | [diff] [blame] | 31 | #if OPENSSL_VERSION_NUMBER < 0x10000001L |
| Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 32 | # define LIBCRYPTO_EVP_INL_TYPE unsigned int |
| 33 | #else |
| 34 | # define LIBCRYPTO_EVP_INL_TYPE size_t |
| 35 | #endif |
| 36 | |
| Darren Tucker | 5573171 | 2014-07-21 02:24:59 +1000 | [diff] [blame] | 37 | #ifndef OPENSSL_HAVE_EVPCTR |
| 38 | #define EVP_aes_128_ctr evp_aes_128_ctr |
| 39 | #define EVP_aes_192_ctr evp_aes_128_ctr |
| 40 | #define EVP_aes_256_ctr evp_aes_128_ctr |
| 41 | const EVP_CIPHER *evp_aes_128_ctr(void); |
| 42 | void ssh_aes_ctr_iv(EVP_CIPHER_CTX *, int, u_char *, size_t); |
| 43 | #endif |
| 44 | |
| Damien Miller | d522c68 | 2013-01-09 16:42:47 +1100 | [diff] [blame] | 45 | /* Avoid some #ifdef. Code that uses these is unreachable without GCM */ |
| 46 | #if !defined(OPENSSL_HAVE_EVPGCM) && !defined(EVP_CTRL_GCM_SET_IV_FIXED) |
| 47 | # define EVP_CTRL_GCM_SET_IV_FIXED -1 |
| 48 | # define EVP_CTRL_GCM_IV_GEN -1 |
| 49 | # define EVP_CTRL_GCM_SET_TAG -1 |
| 50 | # define EVP_CTRL_GCM_GET_TAG -1 |
| 51 | #endif |
| 52 | |
| Damien Miller | b6f73b3 | 2013-02-11 10:39:12 +1100 | [diff] [blame] | 53 | /* Replace missing EVP_CIPHER_CTX_ctrl() with something that returns failure */ |
| 54 | #ifndef HAVE_EVP_CIPHER_CTX_CTRL |
| 55 | # ifdef OPENSSL_HAVE_EVPGCM |
| 56 | # error AES-GCM enabled without EVP_CIPHER_CTX_ctrl /* shouldn't happen */ |
| 57 | # else |
| 58 | # define EVP_CIPHER_CTX_ctrl(a,b,c,d) (0) |
| 59 | # endif |
| 60 | #endif |
| 61 | |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 62 | /* |
| Darren Tucker | 4123636 | 2005-11-20 14:09:59 +1100 | [diff] [blame] | 63 | * We overload some of the OpenSSL crypto functions with ssh_* equivalents |
| Damien Miller | 8668706 | 2014-07-02 15:28:02 +1000 | [diff] [blame] | 64 | * to automatically handle OpenSSL engine initialisation. |
| Darren Tucker | 4123636 | 2005-11-20 14:09:59 +1100 | [diff] [blame] | 65 | * |
| 66 | * In order for the compat library to call the real functions, it must |
| 67 | * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and |
| 68 | * implement the ssh_* equivalents. |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 69 | */ |
| Darren Tucker | fabdb6c | 2006-02-20 20:17:35 +1100 | [diff] [blame] | 70 | #ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 71 | |
| Darren Tucker | 3322e0d | 2006-02-22 00:00:27 +1100 | [diff] [blame] | 72 | # ifdef USE_OPENSSL_ENGINE |
| Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 73 | # ifdef OpenSSL_add_all_algorithms |
| 74 | # undef OpenSSL_add_all_algorithms |
| Darren Tucker | 3322e0d | 2006-02-22 00:00:27 +1100 | [diff] [blame] | 75 | # endif |
| Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 76 | # define OpenSSL_add_all_algorithms() ssh_OpenSSL_add_all_algorithms() |
| Darren Tucker | bfaaf96 | 2008-02-28 19:13:52 +1100 | [diff] [blame] | 77 | # endif |
| Darren Tucker | a55ec77 | 2005-06-09 21:45:10 +1000 | [diff] [blame] | 78 | |
| Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 79 | void ssh_OpenSSL_add_all_algorithms(void); |
| Darren Tucker | e9b3ad7 | 2012-01-17 14:03:34 +1100 | [diff] [blame] | 80 | |
| Darren Tucker | fabdb6c | 2006-02-20 20:17:35 +1100 | [diff] [blame] | 81 | #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ |
| Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 82 | |